Printer-friendly versionSend to friend

Command, Control and Interoperability Center for Advanced Data Analytics (CCICADA)

Many new web services are based on “mashups” that combine data or functionality from several sources to create a new service. A persistent problem for web‐based services is that existing security policies and technologies do not support dynamic and interactive integration. Therefore, web service providers and consumers often use unsecure solutions to develop mashup applications. Researchers at the Command, Control, and Interoperability Center for Advanced Data Analysis (CCICADA) are looking for effective solutions that can be easily adopted by developers to implement powerful mashups without sacrificing the security and privacy of their users.

CCICADA faculty members Vinod Ganapathy and Danfeng Yao are leading the effort to design and implement a secure framework for development of rich and dynamic web mashups. In the course of their research, their team has designed a set of protocols, which run on top of existing web protocols and standards to support secure and interac‐tive integration of web services. They are also implementing a prototype to evaluate the performance and usability of these protocols in real‐world scenarios.

According to Vinod Ganapathy, the most serious challenge is to find a way to develop a secure communication framework, which would accommodate the competing system demands presented by identity management and single sign‐on, authentication and authorization issues. In addressing these issues the team has succeeded in creating and testing a protocol for securing inter‐domain communication and a privacy preserving identity management protocol for Web 2.0 applications.